Red Hat Report
Cloud security often inadequate
According to Red Hat's "State of Cloud-native Security" Report 2026, 97% of the companies surveyed with hybrid cloud environments reported security incidents within a year. This is based on data from around 600 IT specialists.
The causes are predominantly internal weaknesses such as misconfigurations or unpatched container images, rather than complex external attacks. The consequences range from increased effort in analysis and remediation to delayed releases and loss of productivity. 92% report noticeable effects.
Gap between self-perception and actual security approaches
There is a gap between self-image and actual security level: 56% see themselves as "proactive", but only 39% have a mature, well-defined cloud-native security strategy. Technical measures such as signature checks, runtime protection or automated guidelines can only be found in half of the companies.
Nevertheless, the majority of companies are attempting to take countermeasures: more than 60% are planning to invest in the automatic protection of their CI/CD pipelines in the next one to two years in order to implement a "security as code" approach and minimize human error. 56% want to invest in supply chain security and 54% in runtime protection for applications that detects and stops active threats such as cryptojacking or incorrect behavior of containers in real time.
Generative AI causes concern
Generative AI (GenAI) continues to be a major concern for companies, with 96% considering its use in cloud environments to be questionable. They fear the disclosure of sensitive data, the use of unauthorized tools (shadow AI) and the integration of insecure third-party AI services. Despite these fears, 59% of companies do not have documented internal guidelines on AI use or governance frameworks.













